Request a Certificate from the Root CA Server
by Tom Pacyk, Andrew Abbate, Alex Lewis
Microsoft® Lync Server 2010 Unleashed
- Title Page
- Copyright Page
- Dedication
- Contents at a Glance
- Table of Contents
- About the Authors
- Acknowledgments
- We Want to Hear from You!
- Reader Services
- Introduction
- Part I. Overview
- Chapter 1. What Is Microsoft Lync Server?
- Chapter 2. What Is New in Microsoft Lync Server?
- Introducing New Management Tools
- Topology Changes
- New Enterprise Voice Features
- New Call Management Features
- Integrated Mediation Server
- New Presence Features
- New Conferencing Features
- DNS Load Balancing
- Survivable Branch Appliances
- Operating System Support
- New Lync Client Features
- Client Appearance
- The “Me” Area
- Enhanced Contacts
- Privacy Relationships
- Integration with Office and Windows 7
- Whiteboarding and Application Sharing
- Improved Meeting Join Experience
- Conferencing Attendant and Scheduling
- PSTN Dial-In Conferencing Improvements
- Video Improvements
- Manager/Admin Improvements
- Improved Phone Experience
- Summary
- Chapter 3. Feature Overview of Microsoft Lync Server
- Chapter 4. Benefits of Microsoft Lync Server 2010
- Part II. Microsoft Lync Server 2010 Server Roles
- Chapter 5. Microsoft Lync Server 2010 Front End
- Chapter 6. Microsoft Lync Server 2010 Edge
- Chapter 7. Microsoft Lync Server 2010 Monitoring
- Overview
- Installation
- Configuration
- Administration
- Troubleshooting
- Best Practices
- Summary
- Chapter 9. Director
- Part III. External Dependencies
- Chapter 10. Dependent Services
- Chapter 11. SQL
- Chapter 12. Firewall and Security Requirements
- Part IV. Administration and Management
- Chapter 13. Monitoring Microsoft Lync Server 2010
- Overview
- OpsMgr Lync Server 2010 Monitoring
- What Is New in OpsMgr R2?
- How OpsMgr Works
- OpsMgr Architecture
- How to Use OpsMgr
- OpsMgr Component Requirements
- Advanced OpsMgr Concepts
- Understanding OpsMgr Deployment Scenarios
- Multiple Configuration Groups
- Deploying Geographic-Based Configuration Groups
- Deploying Political or Security-Based Configuration Groups
- Sizing the OpsMgr Database
- Defining Capacity Limits
- Defining System Redundancy
- Monitoring Nondomain Member Considerations
- Securing OpsMgr
- Installing Operations Manager 2007 R2
- Installing Edge Component Monitoring Certificates
- Installing the Lync Server 2010 Management Pack
- Best Practices
- Summary
- Chapter 14. Backup and Restore of Microsoft Lync Server 2010
- Chapter 15. Administration of Microsoft Lync Server 2010
- Chapter 13. Monitoring Microsoft Lync Server 2010
- Part V. Migrating from Older Versions
- Part VI. Voice
- Chapter 17. PBX Integration
- Chapter 18. Enterprise Voice
- Chapter 19. Audio Conferencing
- Part VII. Integration with Other Applications
- Chapter 20. Exchange 2010 and SharePoint 2010 Integration
- Overview
- Exchange 2010 Unified Messaging
- Call Answering Rules
- Exchange 2010 Unified Messaging Architecture
- Unified Messaging Users
- UM Web Services
- Supported IP/VoIP Hardware
- Unified Messaging Protocols
- Unified Messaging Installation
- Postinstall Configuration
- Data Storage in Unified Messaging
- Exchange 2010 Outlook Web Application
- SharePoint 2010 Integration
- Best Practices
- Chapter 21. UCMA
- Chapter 20. Exchange 2010 and SharePoint 2010 Integration
- Part VIII. Clients
- Chapter 22. Microsoft Communicator Client for Macintosh
- Chapter 23. Windows, Browser, and Silverlight Clients
- Chapter 24. UC Endpoints
- Part IX. Planning for Deployment
- Chapter 25. Virtualization
- Chapter 26. Planning for Internal Non-Voice Deployment
- Chapter 27. Planning for Deploying External Services
- Chapter 28. Planning for Voice Deployment
- Index
Request a Certificate from the Root CA Server
,Each of the management servers and the servers in the DMZ (that is, the Edge Transport servers) need to be issued certificates to use for communication.
Perform the following steps to request a certificate:
1. Log in as an administrator, open a web browser, and point it to the certificate server (in this case, https://dc1.companyxyz.com/certsrv).
2. Click the Request a Certificate link.
3. Click the advanced certificate request link.
4. Click the Create and Submit a request to this CA link.
5. In the Type of Certificate Template field, select Operations Manager.
6. In the Name field, enter the FQDN (Fully Qualified Domain Name) of the target server.
Note
Go to the actual server to get the name. On the server, go to Computer Properties > Computer Name. Copy the full computer name and paste it into the Name field of the form.
7. Click Submit.
8. Click Yes when you get the warning pop-up box.
9. Click Install this certificate.
10. Click Yes when you see the warning pop-up box. The certificate is now installed in the user certificate store.
Note
The certificate was installed in the users’ certificate store but needs to be in the local computer store for Operations Manager. The capability to use the web enrollment to directly place the certificate into the local computer store was removed from the Windows Server 2008 web enrollment, so the certificate must be moved manually.
11. Select Start, Run, and enter mmc to launch an MMC console.
12. Select File and Add/Remove Snap-In.
13. Select Certificates and click Add.
14. Select My User Account and click Finish.
15. Select Certificates again and click Add.
16. Select Computer account and click Next.
17. Select the Local computer, click Finish, and OK.
18. Expand the Certificates—Current User, Personal, and select the Certificates folder.
19. In the right pane, right-click the certificate issued earlier (in this example, EX3.companyxyz.com) and select All Tasks, Export. The certificate can be recognized by the certificate template name Operations Manager.
20. At the Certificate Export Wizard, select Next.
21. Select Yes, export the private key. Click Next.
22. Click Next.
23. Enter a password and click Next.
24. Enter a directory and filename (such as c:EX1cert.pfx) and click Next.
25. Click Finish to export the certificate. Click OK in the pop-up box.
26. Expand the Certificates (Local Computer), Personal, and select the Certificates folder.
Note
If this is the first certificate in the local computer store, the Certificates folder will not exist. Simply select the Personal folder instead, and the Certificates folder will be created automatically.
27. Right-click in the right pane and select All Tasks, Import.
28. In the Certificate Import Wizard, select Next.
29. Click Browse to locate the certificate file saved earlier. Change the file type to Personal Information Exchange (pfx) to view the file. Click Next.
30. Enter the password used earlier, select Mark This Key as Exportable, and click Next.
31. Click Next.
32. Click Finish and OK in the pop-up box to complete the import.
The previous steps need to be completed for each Edge Component server and for each management server.
-
No Comment